on 2/19/03 3:05 PM, Brian Candler <[EMAIL PROTECTED]> wrote: > On Wed, Feb 19, 2003 at 04:21:38PM -0600, Matt Pavlovich wrote: >> What the hell good is this? What service in their right mind would >> store clear text passwords? > > It depends on your threat model. > > Which do you think is more likely: that someone will break into your server > and steal all the passwords? Or that someone will monitor the sessions > between your users and the server, and sniff the passwords? > > In the case of PPP dial-up authentication, I'd say that interception is > difficult (and therefore PAP with an encrypted password on the server is > preferable to CHAP which requires a cleartext password on the server) > > However, it's not so clear-cut in the case of POP3 over the Internet, since > sniffing passwords is so easy. You won't get every password, but if you > sniff for a day or two you'll get a fair proportion. Arguably a > challenge-response system, which requires a cleartext password for each > account on the server, is more secure overall. > >> What moron at MS thought this up? Why not >> challenge/response based on the SHA1 hash of the pass vs the clear text >> password? > > I am not quite sure what you're getting at. You cannot design a > password-based authentication system where there is neither a 'cleartext' > shared secret at the server, nor a 'cleartext' password sent over the wire. > By all means feel free to try :-) It's circle-squaring. > > If you want not to send the password over the wire, and not to store > material on the server which could be used to authenticate if stolen, then > you need to forget passwords and move to asymmetric (public-key) > authentication methods.
It seems to me you can do both if you can come up with a commutative pair of hashing functions. This approaches public-key I suppose, but as I am thinking of this it can be purely a server-side decision to implement this. You send over the wire HASHA of the password. The server stores HASHB of the password and forgets the original password. This assumes the password is sent once in one direction or the other (or communicated by another medium such as phone or mail) so that at one moment both sides know the password. To authenticate the server computes HASHB of what was sent over the wire and compares it to HASHA of what is stored. Perhaps this does not meet the requirements you have in mind. The requirement here is that HASHA(HASHB(x)) equals HASHB(HASHA(x)) and perhaps this is not achievable for existing HASHA functons in common use by client software. I don't know anything about CHAP or other methods - these are just thoughts. -Kurt Bigler > > Regards, > > Brian. ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
